AVP, Incident Response

US- IL40- Chicago-151N Frankln

CNA Insurance

CNA offers a broad portfolio of property and casualty business insurance solutions that allow you to better manage your risks and grow profitably.


You have a clear vision of where your career can go. And we have the leadership to help you get there. At CNA, we strive to create a culture in which people know they matter and are part of something important, ensuring the abilities of all employees are used to their fullest potential. 

CNA seeks to offer a comprehensive and competitive benefits package to our employees that helps them — and their family members — achieve their physical, financial, emotional and social wellbeing goals.

For a detailed look at CNA’s benefits, check out our Candidate Guide.

This role leads the evaluation, development, implementation, and monitoring of advanced information security strategies, tools, and technologies for effectively detecting and responding to enterprise information security incidents. These incidents may pose local, national, or global threats. The position interacts with senior leadership during critical security incidents, leads daily security operations, and directs security incident response teams, including remediation protocols. This role is the subject matter expert in end-to-end processes for computer security incident responses across the enterprise, with a focus on modern fusion center operations and the evolving threat landscape.

JOB DESCRIPTION:

Essential Duties & Responsibilities

Performs a combination of duties in accordance with departmental guidelines:

  • Establishes and governs the Hybrid Security Operations Center (SOC) and the technologies supporting it (including but not limited to SIEM, SOC Management, NDR, Case Management, Detection Management tools, etc.).

  • Develops and manages the leadership team for managing the SOC and supporting groups.

  • Manages the MSSP relationship end-to-end.

  • Leads and manages the Computer Security Incident Response Team (CSIRT/IR).

  • Serves as the subject matter expert for all information security incident responses for the enterprise globally (including data, Third-Party, and other incidents).

  • Provides governance for and leads the information security response process.

  • Directs the response to escalated security events and drives the security incident response process on a local, national, and global level, as necessary.

  • Participates in and leads the Incident Response Committee.

  • Partners with CNA leadership on response strategies for enterprise-wide information security incidents.

  • Leads the evaluation, development, and implementation of the Incident Response Plan, information security standards, procedures, and guidelines across diverse system platforms and application environments.

  • Ensures proactive compliance with security standards across the enterprise and with global regulatory requirements (SEC, GDPR, OSFI, etc.).

  • Works with senior Technology, Legal, and business leaders on potential data breaches.

  • Collaborates with and supports Technology, Human Resources, Legal, TPRM, and other key stakeholders.

  • Provides end-to-end problem management and root cause analysis for security incidents across the enterprise.

  • Leads post-incident debriefings to identify system environment, process, and/or security standard improvements.

  • Performs and/or directs independent analysis of complex problems and threats, providing clear and decisive mitigation strategies.

  • Conducts external investigations and research in partnership with the Threat Intel team on sponsored actors in other countries to develop strategies and tactics for security responses.

  • Actively communicates with the CNA leadership team and key IT and business stakeholders on metrics, measures, and potential new threats.

  • Works with Technology leadership to proactively develop and monitor information security strategies to protect the enterprise from existing and future threats.

  • Stays up to date on current attack risks, trends, and breaches across industries through independent and collaborative research.

  • Utilizes state-of-the-art tools and analyses from leading government and information security firms to continually enhance the organization’s information security readiness.

  • May perform additional duties as assigned.
     

Reporting Relationship

Typically reports to VP or above.
 

Skills, Knowledge & Abilities

  • In-depth understanding of SOC, SIEM, MSSP, DLP and the CSIRT process.

  • Proven experience with industry-standard security technologies, such as NDR, Threat Detection Management, IDS, EDR, DLP, firewalls, etc.

  • Proven experience applying information security principles to secure platforms and prevent threats.

  • Working knowledge of regulations (e.g., SOX, privacy, GDPR, NYDFS, OFSI, etc.) and internal controls as they apply to IT.

  • Strong understanding of malware in static and dynamic environments and mitigation strategies.

  • Superior analytical and problem-solving skills with the ability to communicate highly technical information to business leaders effectively.

  • Proven ability to influence change and adoption of information security protocols and concepts.

  • Ability to work extremely well under pressure while maintaining a professional image and approach.

  • Preferred knowledge of the insurance industry.

Education & Experience

  • Bachelor’s Degree required or equivalent work experience. Master’s Degree in Computer Science or a technical field preferred.

  • Minimum of ten years of information security experience, including five years of management experience.

  • CISSP, GIAC, CISM, or equivalent certifications preferred.

CNA is committed to providing reasonable accommodations to qualified individuals with disabilities in the recruitment process. To request an accommodation, please contact leaveadministration@cna.com.


Tags: CISM CISSP Compliance Computer Science CSIRT EDR Firewalls GDPR GIAC Governance IDS Incident response Malware Monitoring Privacy SIEM SOC SOX Threat detection

Perks/benefits: Career development Team events

Region: North America
Country: United States
